SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5405)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs
including the following security bugs :

- Mozilla developers identified and fixed several
stability bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these crashes
showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. (CVE-2008-2798 / CVE-2008-2799 / MFSA 2008-21)

- Mozilla contributor moz_bug_r_a4 submitted a set of
vulnerabilities which allow scripts from one document to
be executed in the context of a different document.
These vulnerabilities could be used by an attacker to
violate the same-origin policy and perform an XSS
attack. (CVE-2008-2800 / MFSA 2008-22)

- Security researcher Collin Jackson reported a series of
vulnerabilities which allow JavaScript to be injected
into signed JARs and executed under the context of the
JAR's signer. This could allow an attacker to run
JavaScript in a victim's browser with the privileges of
a different website, provided the attacker possesses a
JAR signed by the other website. (CVE-2008-2801 / MFSA
2008-23)

- Mozilla contributor moz_bug_r_a4 reported a
vulnerability that allowed non-privileged XUL documents
to load chrome scripts from the fastload file. This
could allow an attacker to run arbitrary JavaScript code
with chrome privileges. (CVE-2008-2802 / MFSA 2008-24)

- Mozilla contributor moz_bug_r_a4 reported a
vulnerability which allows arbitrary JavaScript to be
executed with chrome privileges. The privilege
escalation was possible because JavaScript loaded via
mozIJSSubScriptLoader.loadSubScript() was not using
XPCNativeWrappers when accessing content. This could
allow an attacker to overwrite trusted objects with
arbitrary code which would be executed with chrome
privileges when the trusted objects were called by the
browser. (CVE-2008-2803 / MFSA 2008-25)

- Opera developer Claudio Santambrogio reported a
vulnerability which allows malicious content to force
the browser into uploading local files to the remote
server. This could be used by an attacker to steal
arbitrary files from a victim's computer. (CVE-2008-2805
/ MFSA 2008-27)

- Security researcher Gregory Fleischer reported a
vulnerability in the way Mozilla indicates the origin of
a document to the Java plugin. This vulnerability could
allow a malicious Java applet to bypass the same-origin
policy and create arbitrary socket connections to other
domains. (CVE-2008-2806 / MFSA 2008-28)

- Mozilla developer Daniel Glazman demonstrated that an
improperly encoded .properties file in an add-on can
result in uninitialized memory being used. This could
potentially result in small chunks of data from other
programs being exposed in the browser. (CVE-2008-2807 /
MFSA 2008-29)

- Mozilla contributor Masahiro Yamada reported that file
URLs in directory listings were not being HTML escaped
properly when the filenames contained particular
characters. This resulted in files from directory
listings being opened in unintended ways or files not
being able to be opened by the browser altogether.
(CVE-2008-2808 / MFSA 2008-30)

- Mozilla developer John G. Myers reported a weakness in
the trust model used by Mozilla regarding alternate
names on self-signed certificates. A user could be
prompted to accept a self-signed certificate from a
website which includes alt-name entries. If the user
accepted the certificate, they would also extend trust
to any alternate domains listed in the certificate,
despite not being prompted about the additional domains.
This technique could be used by an attacker to
impersonate another server. (CVE-2008-2809 / MFSA
2008-31)

- Mozilla community member Geoff reported a vulnerability
in the way Mozilla opens URL files sent directly to the
browser. He demonstrated that such files were opened
with local file privileges, giving the remote content
access to read from the local filesystem. If a user
opened a bookmark to a malicious page in this manner,
the page could potentially read from other local files
on the user's computer. (CVE-2008-2810 / MFSA 2008-32)

- Security research firm Astabis, via the iSIGHT Partners
GVP Program, reported a vulnerability in Mozilla's block
reflow code. This vulnerability could be used by an
attacker to crash the browser and run arbitrary code on
the victim's computer. (CVE-2008-2811 / MFSA 2008-33)

See also :

http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
http://www.mozilla.org/security/announce/2008/mfsa2008-22.html
http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
http://www.mozilla.org/security/announce/2008/mfsa2008-27.html
http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
http://www.mozilla.org/security/announce/2008/mfsa2008-32.html
http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
http://support.novell.com/security/cve/CVE-2008-2798.html
http://support.novell.com/security/cve/CVE-2008-2799.html
http://support.novell.com/security/cve/CVE-2008-2800.html
http://support.novell.com/security/cve/CVE-2008-2801.html
http://support.novell.com/security/cve/CVE-2008-2802.html
http://support.novell.com/security/cve/CVE-2008-2803.html
http://support.novell.com/security/cve/CVE-2008-2805.html
http://support.novell.com/security/cve/CVE-2008-2806.html
http://support.novell.com/security/cve/CVE-2008-2807.html
http://support.novell.com/security/cve/CVE-2008-2808.html
http://support.novell.com/security/cve/CVE-2008-2809.html
http://support.novell.com/security/cve/CVE-2008-2810.html
http://support.novell.com/security/cve/CVE-2008-2811.html

Solution :

Apply ZYPP patch number 5405.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true
